This article applies to any user in the Legacy PI software who is soon upgrading to PI2.
User roles are changing quite significantly from Legacy to PI2. We believe these changes will make for a more intuitive software experience; however, we recognize it may take time to acclimate to the new permissions structure, especially if you’ve used Legacy PI for many years.
This article aims to help bridge that gap. Below, we’ll recap how permissions are changing from Legacy to PI2. We’ll also explain what actions you can take — for yourself, or for others — to preserve your old permissions and ensure a seamless transition to the new software.
How are user roles changing in PI2?
With user roles in PI2, we wanted to expand admins’ permissioning tools while keeping the experience as user-friendly as possible. As a result, we landed on the following key changes:
Modularized access
In Legacy PI, user roles were blanket permissions; if someone had full access to one area of the software, they had full access everywhere. In PI2, you can now grant/restrict access on a per-product basis, allowing for modularized access control.
Product-specific roles
As part of PI2’s modular focus, each user is now assigned a specific role for each product. These roles are known as “access levels” in PI2. For instance, you might grant your senior recruiter “Admin” access to Hire, but “Limited” or “No” access to all other PI products.
New naming conventions
In Legacy, you’re likely accustomed to terms such as “Power User” and “Read Only.” In designing PI2 from a more modular perspective, we have made some changes to old user roles while deprecating or consolidating others. As a result, almost all of the Legacy user roles have been renamed to better fit their new capabilities.
Greater admin control
The ultimate goal of all these changes is to give you, the admin, more control over what software users can see and do in PI2. Fine tune each user’s permissions to your liking, and ensure the right data is in the right hands.
Tip: Want more detail into the “why” behind these changes? Read our support article here.
How will my permissions in Legacy translate to PI2?
We dedicated a lot of time and user research to better understand how Legacy permissions should “map” to permissions in PI2. Not every role in Legacy has a clear equivalent in PI2, so we had to make some careful decisions on behalf of upgrading clients like yourself.
Ultimately, we took a cautious approach to permission-mapping between Legacy PI and PI2. With the exception of one role — the Account Owner — you will find that most roles in Legacy will default to a role with slightly fewer permissions in PI2.
Let’s walk through these new defaults, so you can determine whether you’d like to override them in PI2.
Default permissions in PI2 based on your user role in Legacy PI
To see how Legacy permissions translate to PI2, find your current user role on the left-hand side of the below matrix. On the right-hand side, you will see what default permission level(s) you will have in PI2.
Tip: Want to see how a colleague’s PI permissions will translate to PI2? Go through this same exercise using their Legacy user role. (If you don’t know their role, now is a great time to ask!)
Should I modify my permissions in PI2?
The answer depends on your current User Role in Legacy, and what you’re looking to accomplish in PI2.
Here are some key questions to consider asking ahead of your upgrade date:
Do you need access to all employee/candidate data and all settings? If so, you should be an Organization Admin in PI2.
Are you focused more on sending assessments or using a specific tool/report? You’ll want product-specific Admin access in PI2.
Did you use Group Analytics in Legacy PI? If so, you’ll want Product Admin access to at least 1 product in PI2.
Were you “Read Only” in Legacy PI? Review how your access permissions will change in PI2, and ask an admin to expand your permissions as needed.
Note: Permissions in PI2 cannot be modified by yourself; they must be granted by someone with higher access, such as an organization admin. If you feel your PI2 permissions are inaccurate and/or should change, here's how to request those changes.
Not sure what this all means? Let’s walk through each Legacy user role in detail.
Detailed breakdown of each User Role in PI2
Account Owner
In Legacy PI, the Account Owner had unrestricted access to the entire PI platform. This included visibility into all data and access to all company settings.
In PI2, this permission level has been rebranded as “Organization Admin” but otherwise remains the same. If anything, this role has been expanded to allow for greater permissioning and data control.
As an Organization Admin, you’ll have access to all features, functionality, settings, and data.
Here’s a more detailed rundown:
| Legacy: Account Owner | PI2: Organization Admin |
Configure company settings | ✅ | ✅ |
Send Behavioral Assessments | ✅ | ✅ |
Send Cognitive Assessments | ✅ | ✅ |
Create jobs, teams, and surveys | ✅ | ✅ |
Download/email reports | ✅ | ✅ |
Run Group Analytics | ✅ | ✅ |
Add/manage users | ✅ | ✅ |
View/edit employee details | ✅ | ✅ |
Delete employees | ✅ | ✅* |
Delete candidates | ✅ | ✅ |
Create and modify folders | ✅ | ✅ |
Anonymize people data | ✅ | ✅ |
Promote or demote admins | ✅ | ✅ |
Grant/revoke access to cognitive data** | ✅ | ✅ |
*This action is now a “soft” delete known as archiving employees.
**Accomplished via the cognitive admin permission.
Note: Unlike the other access levels in PI2, which are applied modularly, Organization Admin is a blanket permission. Any Org Admin can promote/demote any other Org Admin at any time.
Account Admin
In Legacy PI, Account Admin was a blanket permission that allowed access to various areas of the software, including company settings, folder creation, and the ability to delete and/or anonymize old records. In many ways, Account Admin had similar permissions to Account Owner (the big exception being access to cognitive data).
For PI2, we’ve consolidated the Account Owner and Account Admin roles into one role: “Organization Admin.” We also added a new user role — “Product Admin” — which allows you to enable admin-level permissions for users who require full access to a specific PI product (e.g., Hire) but not full access to all data in the platform.
Account Admins from Legacy will default to the Product Admin role in PI2. This access level is modular. To simulate your previous capabilities in Legacy, the Account Admin role will default to Product Admin access for all PI modules your company is subscribed to. This can be modified at any time.
Here’s a detailed look at how your Account Admin permissions will translate to PI2:
| Legacy: Account Admin | PI2: Product Admin (applied to all modules) |
Send Behavioral Assessments | ✅ | ✅ |
Send Cognitive Assessments | ⛔* | ⛔* |
Create jobs, teams, and surveys | ✅ | ✅ |
Download/email reports | ✅ | ✅ |
Run Group Analytics | ✅ | ✅ |
Add/manage users | ✅ | ✅ |
View employee directory | ✅ | ✅ |
Edit employee details | ✅ | ⛔** |
Delete employees | ✅*** | ⛔ |
Delete candidates | ✅ | ✅ |
Create and modify folders**** | ✅ | ⛔ |
Promote or demote admins | ✅ | ⛔ |
Configure company settings | ✅ | ⛔ |
Anonymize people data | ✅ | ⛔ |
Grant/revoke access to cognitive data | ⛔ | ⛔ |
*Can be enabled via cognitive access (granted by a cognitive admin).
**The ability to edit employee details is off by default, but can be toggled on by an organization admin.
***This action is now a “soft” delete known as archiving employees.
****Employee folders have been sunsetted in PI2. Learn more here.
Important: You might be asking: “Why wouldn’t Account Admins default to Organization Admin in PI2?” As mentioned above, we took a conservative approach to permissions-mapping. Organization Admin is intended more for data upkeep and cleanup, while Product Admin is intended more for actually using the PI platform.
If you are an Account Admin who feels you should instead default to Organization Admin in PI2, we recommend speaking with your Account Owner and requesting that they promote you to Account Owner ahead of your upgrade date.
Tip: If it isn’t possible for your Account Owner to upgrade your access ahead of your upgrade date, they can always promote you to Organization Admin after you’ve upgraded to PI2.
Power User / User
True to their name, “Power Users” in Legacy were often those who used PI the most in an organization. The “User” role in Legacy PI shared most of the same capabilities as the Power User, with a few exceptions. Power Users could create and manage folders; they could also manage information such as name, email, and associated job.
In PI2, the ability to create and manage folders lies solely with the top-level role, Organization Admin. Similarly, managing information is performed mainly through the Org Admin role. As a result, Users and Power Users in Legacy both default to the same role in PI2: “Limited” access.
Exception: Power Users and Users default to “Limited” access for all PI products except Diagnose, for which they default to “No Access.” Diagnose is intended for use by HR admins and people managers only, so we took a conservative approach when mapping permissions.
Here’s a detailed breakdown of how Power Users / Users translate to PI2:
| Legacy: Power User | Legacy: User | PI2: Limited User (except Diagnose) |
Send Behavioral Assessments | ✅ | ✅ | ⛔* |
Send Cognitive Assessments | ⛔** | ⛔** | ⛔** |
Create jobs | ✅ | ✅ | ⛔* |
Create teams | ✅ | ✅ | ⛔* |
Create and send engagement surveys | ✅ | ✅ | ⛔*** |
Download/email reports | ✅ | ✅ | ✅ |
Run Group Analytics | ✅ | ⛔ | ⛔ |
Add/manage users | ⛔ | ⛔ | ⛔ |
View employee directory | ✅ | ✅ | ⛔ |
Edit employee details | ✅ | ⛔ | ⛔ |
Delete employees | ✅ | ✅ | ⛔ |
Delete candidates | ✅ | ✅ | ✅**** |
Create and modify folders | ✅ | ⛔ | ⛔ |
Promote or demote admins | ⛔ | ⛔ | ⛔ |
Configure company settings | ⛔ | ⛔ | ⛔ |
Anonymize people data | ⛔ | ⛔ | ⛔ |
Grant/revoke access to cognitive data | ⛔ | ⛔ | ⛔ |
*This permission is disabled by default but can be enabled at any time.
**Can be enabled via cognitive access (granted by a cognitive admin).
***Power Users and Users default to “No Access” for Diagnose. This can be modified at any time.
****Limited users can only delete candidates associated with jobs that they own.
Important: You will notice that “Limited” users in PI2 do not have access to Group Analytics. This was functionality that Power Users had access to in Legacy PI.
If a Power User at your organization enjoyed the Group Analytics feature, we recommend modifying their access level to “Product Admin” for at least 1 product. Doing so will grant them access to Group Analytics in PI2.
Read Only
In Legacy PI, Read Only users had access only to very limited data. For example, they could view a report or a team has been shared with them, but they couldn’t manipulate any data or settings in the software.
In PI2, Read Only users will lose access to most areas of the software, with the exception of Inspire. They can continue to access employee reports, but if they had access to a Job Report in Hire or a team in Design, you will need to grant them “Limited” access for them to see it again.
Here’s a detailed visual of the changes:
| Legacy: Read Only | PI2: No Access (except Inspire) |
Send Behavioral Assessments | ⛔ | ⛔* |
Send Cognitive Assessments | ⛔ | ⛔ |
Create jobs, teams, and surveys | ⛔ | ⛔ |
View employee reports | ✅ | ✅ |
Download/email employee reports | ⛔ | ✅ |
View a shared team | ✅ | ⛔ |
Run Group Analytics | ⛔ | ⛔ |
Add/manage users | ⛔ | ⛔ |
View employee directory | ✅ | ⛔ |
Edit employee details | ⛔ | ⛔ |
Delete employees | ⛔ | ⛔ |
Delete candidates | ⛔ | ⛔ |
Create and modify folders | ⛔ | ⛔ |
Promote or demote admins | ⛔ | ⛔ |
Configure company settings | ⛔ | ⛔ |
Anonymize people data | ⛔ | ⛔ |
Grant/revoke access to cognitive data | ⛔ | ⛔ |
*The ability to send Behavioral Assessments is off by default, but can be enabled at any time.
Exception: While Read Only users largely have “No” access in PI2, the exception is Inspire, in which they have “Limited” access. These users will have the ability to send Behavioral Assessments and view/email employee reports in Inspire. You can modify these permissions at any time.
Third Party User
In Legacy PI, Third Party Users had access to the vast majority of features in the software, minus cognitive data, anonymization, and other data management functionality.
In PI2, Third Party Users remain largely the same (including the name). The TPU role is designed to help outside parties (such as your PI Certified Consultant) provide guidance if and when you need it within the software.
Here’s a detailed breakdown of the changes:
| Legacy: Third Party User | PI2: Third Party User |
Configure company settings | ✅ | ✅ |
Send Behavioral Assessments | ✅ | ✅ |
Send Cognitive Assessments | ⛔ | ⛔ |
Create jobs, teams, and surveys | ✅ | ✅ |
Download/email reports | ✅ | ✅ |
Run Group Analytics | ✅ | ✅ |
View employee directory | ✅ | ✅ |
Add/manage users | ✅ | ✅ |
View/edit employee details | ✅ | ✅ |
Delete employees | ✅ | ✅* |
Delete candidates | ✅ | ✅ |
Create and modify folders | ✅ | ✅ |
Promote or demote admins | ✅ | ✅ |
Configure company settings | ✅ | ✅ |
Anonymize people data | ⛔ | ⛔ |
Grant/revoke access to cognitive data | ⛔ | ⛔ |
*This action is now a “soft” delete known as archiving employees.
How to change default permissions in PI2
There are two ways to change your default permissions in PI2:
You can change your current permissions in Legacy PI (ahead of your upgrade date).
You can wait until you’re upgraded to PI2 and then modify your new permissions.
Let’s explore both of these scenarios.
Note: Permissions cannot be modified by yourself; they must be granted by someone with higher access, such as an organization admin. The following steps will explain how to reach out to an admin to request these changes.
Changing your permissions before your upgrade date
To ensure uninterrupted use of PI2, you can proactively make changes to your permissions in Legacy PI. Doing so will ensure your permissions translate to your desired defaults in PI2.
To update your permissions in Legacy PI:
Review the charts above to determine your directed permission level in PI2.
Reach out to your Account Owner.
Share this support article with them.
Ask them to watch the video titled “Changing user roles.”
Request that they update your User Role to the role in Legacy that corresponds to the desired permission level in PI2.
Example: Dylan is a Power User in Legacy. In addition to using PI for recruiting and talent development, he enjoys running Group Analytics reports with various teams.
After reviewing how permissions translate from Legacy PI to PI2, Dylan realized that he’d lose access to the Group Analytics he used in the old software. To ensure uninterrupted access to his workflow in PI2, he needs to be a Product Admin for at least 1 PI module.
In a conversation with Jane, his organization’s Account Owner, Dylan requested to be promoted to Account Admin in Legacy PI. Once his organization upgrades to PI2, Dylan will be granted Admin permissions to all PI products, thus allowing him to retain access to Group Analytics.
Changing your permissions after your upgrade date
Once you’ve upgraded to PI2, reach out to your Account Owner (aka, your Organization Admin).
Together with your Org Admin, explain what you’d like your permissions to be in PI2. Have them follow the instructions in this support article and modify your account permissions accordingly.
Example: Susan was an Account Admin in Legacy, which means she will have product-level Admin access to all PI modules in PI2. However, Susan typically handles a lot of the heavier administrative tasks, such as archiving and anonymizing old data.
In a conversation with Jane, her organization’s Account Owner, Susan explained she should have Organization Admin permissions in PI2. Once her organization upgraded to PI2, Susan booked 15 minutes with Jane to review her permissions and make the necessary adjustments.
Additional support